Google has given websites a not-so-subtle prod towards security in 2018. Beginning this July, Google Chrome began visibly marking all HTTP sites as “not secure” in the address bar, signaling to visitors that their data may not be fully secure when interacting with a non-HTTPS enabled domain. What does this change mean for you and why does Google think this move is worthwhile? Keep reading to learn more about these security-focused changes rolling out this year.
Where Is the “Not Secure” Warning?
Starting with Chrome Version 68, Google will begin marking the address bar with one of two icons: if the website is secure, a green padlock with the word “Secure” (or, alternatively, the website’s verified domain name) will be displayed on the far-left of the site URL. Sites still rolling with the unsecured HTTP protocol will display a gray “i” icon accompanied by the ominous phrase “Not Secure.”
Good:
Bad:
What’s the Difference Between HTTP & HTTPS?
Hyper Text Transfer Protocol (HTTP) is the protocol that acts as a bridge between your browser and the website you are accessing. Third parties can (and do) intercept this data to glean information about visitor activity and browsing behavior. In HTTPS, the additional “S” stands for “Secure.” This indicates that the data transferring between your browser and a secured website has been encrypted and is unreadable to third parties. A website featuring an HTTPS URL has purchased and deployed an SSL Certificate. SSL certification requires some form of verification for the website’s ownership by a third-party authority.
Securing your website with an SSL certificate should be considered not only the “new normal” for the web, but the bare bones security measures that vendors and site operators should offer to visitors. This is especially crucial for ecommerce, banking, or financial websites where sensitive information such as credit card numbers or personally-identifying data is being submitted.
Should I Avoid Non-Secured Websites?
The short answer is: in most cases, yes. If you plan to give your credit card or bank account information to a website, that site owes it to you as a customer to at least attempt keeping your data secure. Deploying SSL certificates and HTTPS protocols can be an expensive and time-consuming process, but it is a good-faith step that organizations undertake to signal to visitors that their data will be safe in the website’s hands. Domains fail to purchase and deploy SSL certificates oftentimes because they have chosen to cut corners in order to save money. Your personal data should not be sacrificed for someone else’s bottom line.
If you make a purchase through an unsecured ecommerce website, understand that your sensitive data is being transferred to that website’s server with no encryption while in transit. With 81 of the Internet’s top 100 websites having made the migration to HTTPS and the aggressive moves by Google to further fuel that trend, HTTPS is no longer just an added benefit but a cost of doing business in the modern world.